CVE-2024-4453 – GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-4453
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. ... An attacker can leverage this vulnerability to execute code in the context of the current process. • https://gitlab.freedesktop.org/tpm/gstreamer/-/commit/e68eccff103ab0e91e6d77a892f57131b33902f5 https://lists.debian.org/debian-lts-announce/2024/05/msg00019.html https://www.zerodayinitiative.com/advisories/ZDI-24-467 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-4442 – Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion
https://notcve.org/view.php?id=CVE-2024-4442
This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible. • https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/9.8/src/SLN/Action/Ajax/RemoveUploadedFile.php#L5 https://plugins.trac.wordpress.org/changeset/3088196/salon-booking-system#file14 https://www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2024-5023 – Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE
https://notcve.org/view.php?id=CVE-2024-5023
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Netflix ConsoleMe allows Command Injection. This issue affects ConsoleMe: before 1.4.0. • https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-002.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-48643
https://notcve.org/view.php?id=CVE-2023-48643
Shrubbery tac_plus 2.x, 3.x, and 4.x through F4.0.4.28 allows unauthenticated Remote Command Execution. • https://github.com/takeshixx/tac_plus-pre-auth-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-3640 – Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
https://notcve.org/view.php?id=CVE-2024-3640
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. • https://www.rockwellautomation.com/en-us/support/advisory.SD1671.html • CWE-428: Unquoted Search Path or Element •